hxxps://p[.]xn--90aaxfccpcbdc2c1dvc[.]xn--p1ai/return[.]php?p=TUsxP3NoYWRpLmRhbmRhc2hpQGNldmFsb2dpc3RpY3MuY29tPzExODA1P3ByZWZlckBvLmZsb3JpZGFyZW8ubmV0

Resubmissions

02/09/2024, 01:05

240902-bfl2psxhph 3

Analysis

max time kernel
299s
max time network
276s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
02/09/2024, 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://p.xn--90aaxfccpcbdc2c1dvc.xn--p1ai/return.php?p=TUsxP3NoYWRpLmRhbmRhc2hpQGNldmFsb2dpc3RpY3MuY29tPzExODA1P3ByZWZlckBvLmZsb3JpZGFyZW8ubmV0

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133697127358104891"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4400	chrome.exe
4400	chrome.exe
992	chrome.exe
992	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe
Token: SeShutdownPrivilege	4400	chrome.exe
Token: SeCreatePagefilePrivilege	4400	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe
4400	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4400 wrote to memory of 1392	4400	chrome.exe	73
PID 4400 wrote to memory of 1392	4400	chrome.exe	73
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 4108	4400	chrome.exe	75
PID 4400 wrote to memory of 380	4400	chrome.exe	76
PID 4400 wrote to memory of 380	4400	chrome.exe	76
PID 4400 wrote to memory of 392	4400	chrome.exe	77
PID 4400 wrote to memory of 392	4400	chrome.exe	77
PID 4400 wrote to memory of 392	4400	chrome.exe	77
PID 4400 wrote to memory of 392	4400	chrome.exe	77
PID 4400 wrote to memory of 392	4400	chrome.exe	77
PID 4400 wrote to memory of 392	4400	chrome.exe	77
PID 4400 wrote to memory of 392	4400	chrome.exe	77
PID 4400 wrote to memory of 392	4400	chrome.exe	77
PID 4400 wrote to memory of 392	4400	chrome.exe	77
PID 4400 wrote to memory of 392	4400	chrome.exe	77
PID 4400 wrote to memory of 392	4400	chrome.exe	77
PID 4400 wrote to memory of 392	4400	chrome.exe	77
PID 4400 wrote to memory of 392	4400	chrome.exe	77
PID 4400 wrote to memory of 392	4400	chrome.exe	77
PID 4400 wrote to memory of 392	4400	chrome.exe	77
PID 4400 wrote to memory of 392	4400	chrome.exe	77
PID 4400 wrote to memory of 392	4400	chrome.exe	77
PID 4400 wrote to memory of 392	4400	chrome.exe	77
PID 4400 wrote to memory of 392	4400	chrome.exe	77
PID 4400 wrote to memory of 392	4400	chrome.exe	77
PID 4400 wrote to memory of 392	4400	chrome.exe	77
PID 4400 wrote to memory of 392	4400	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://p.xn--90aaxfccpcbdc2c1dvc.xn--p1ai/return.php?p=TUsxP3NoYWRpLmRhbmRhc2hpQGNldmFsb2dpc3RpY3MuY29tPzExODA1P3ByZWZlckBvLmZsb3JpZGFyZW8ubmV0
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa02be9758,0x7ffa02be9768,0x7ffa02be9778
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1864,i,15852829574541162462,16619574205368110758,131072 /prefetch:2
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1748 --field-trial-handle=1864,i,15852829574541162462,16619574205368110758,131072 /prefetch:8
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1820 --field-trial-handle=1864,i,15852829574541162462,16619574205368110758,131072 /prefetch:8
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1864,i,15852829574541162462,16619574205368110758,131072 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1864,i,15852829574541162462,16619574205368110758,131072 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1864,i,15852829574541162462,16619574205368110758,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1864,i,15852829574541162462,16619574205368110758,131072 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4496 --field-trial-handle=1864,i,15852829574541162462,16619574205368110758,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1856 --field-trial-handle=1864,i,15852829574541162462,16619574205368110758,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4888 --field-trial-handle=1864,i,15852829574541162462,16619574205368110758,131072 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=864 --field-trial-handle=1864,i,15852829574541162462,16619574205368110758,131072 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2988 --field-trial-handle=1864,i,15852829574541162462,16619574205368110758,131072 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3020 --field-trial-handle=1864,i,15852829574541162462,16619574205368110758,131072 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3496 --field-trial-handle=1864,i,15852829574541162462,16619574205368110758,131072 /prefetch:1
  2⤵
  PID:756

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1b814545-e3d3-440f-9939-ffbef659bb8a.tmp

Filesize
136KB

MD5
050feb03fbd988b28ef10c11fc65bd24

SHA1
701526ea35e3d6e8fe7f0f3ad1805e43f6fde008

SHA256
0e5cd5920cf3154c5c7b609545179b8a7cdabc7027c51e0c5b760625a7c74534

SHA512
5d6bea2e7d894d5869a0f73ee6071b11fff2af8b6b936808775fa0d93d56616fa0262311362a6f119103d0fe08e81f3e26ce63efb62f1fe9645759223b2bf377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
d4a7752fc5c583d5fbcaba5dcae25e37

SHA1
7c971fcd8aa34539bfa5c01bc28fc27d84bf7fd7

SHA256
e0b7f673cd70ea5f7b31e4a16ee3fa0053d4a3e4ac7f2379f46897f694953631

SHA512
4730a0ccdc2c2895a7b78555ff9c29e9fe55e13e8ac3171d2fe559409a7408682aa9f5b292000f7252cb6a03bc7e753b74d165bba59ba2142d4f892b8dbb7bb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
ce679f00f0426ac27a450c52a4a41792

SHA1
b68d2ab50397047d336b6965ab33217e2f4a7895

SHA256
c3cc2df6fa9cbcb5e90a9d48425232059af78c6673a0aca11dec10ed146b1533

SHA512
b16f302240e5e50ffe1021b6e20ebe1f3cffc039bdc89d95371e01df25fef048c175b7d96a7c56da709af455267a6a4dc513171bdd449460895131eae8c72385

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
dccf52a75e4c491c35eecc939eb270fe

SHA1
1867a1d2b82e51ff43bf65d72b0836bc141d5b62

SHA256
638844fa60ffa68ef1cd894b543d6a240638928a06d4f85b5cf79cd81238b03b

SHA512
0eecff5ee52fb5fdad3020636628a6cc19fba32149771c7ac7d68ad849569e587631520ead33d3d8acd078cbebc24225392654fd5f8ea33c30b805c6f5540cbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
952B

MD5
435518c707d6c52b40c7c6c928b505db

SHA1
208ae7cd8e541eb7f7a7f7fa8871993865fcb06e

SHA256
4e7c780e9677245a31c460e187ffc63add068330a3e817137bfdbd95eaac0149

SHA512
329da7d664c30ae231357613423e553e1c473eb346301ee75e4d110cdcc315d70c9273994fe4f6f10343ccd9b0457107750b1cb18a4d9a3798069fbcee9af2d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9918c79f916213604d45c9f756d6b57e

SHA1
cfa1c4d51a78af53a091d2042471393c71ebbd42

SHA256
db3846de429ec51d1279d0c5bb0a0178905fc3b975e05be63fd79f7f786bf079

SHA512
7bbc627e725a6b4c0fe35241b852028ba7620dff4c2b38a5ab62415dc09a89b6f49422460cd9e49222180379662dd2848c28f5357c1560805b389a922645bded

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
43cf905ef8a5d74987455bb1b9a78e92

SHA1
235312919a6767458370c55cdc734a8d3585e98f

SHA256
a2ec7ca5c0dcbfb97bb36786936fd2544e3a168b08d61caadfeb1d10ee14a5d4

SHA512
591ddd00cce70f2072b5beb661b33ebd0a256d0cca5b33fb49679e4f930b2a3cdc7db2073db3a62893c988175eb6896ff76bd30dfe31a47e10aecfc75bd2c364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
ba0bef9768b9777972489709c86457f1

SHA1
4d7f736e6b7f3c0d89e8069d9736b3728db9f4e1

SHA256
180f2c2aafcc9b1e65d7b898f0675a014a431ccdc0b9f415ee931f5fb2627648

SHA512
6ca3c0a7ec0fbaebb5e99ed2caca792d9ec659787a5c68815a2073f2f1b063d9c74a74f974111b9572572a24c94cb4fcd6fe334d02bd24cde7add7987947c2d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a4a62b50f2262b72c13b63c2962b9c15

SHA1
818942e13c58e888ecd7c691db75b6f5ad3c2cd5

SHA256
86c12b906eb3f00278b1a43ed2d1bcbf19bd5ee5eade0ba1a74425c9cd91bd3d

SHA512
1601535d798ab6de521e113cbea797e41ae4ef679d738567c36e1f3702b24e182e7882ab9a046e213df15987b719c12522d3e8aafec9a5458da46594fddb297a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
adf4ddb67f1ae1e47b10309ca985daf6

SHA1
797387c97de6d95286eeffd4461cca915a09d80b

SHA256
c282f8046405adc35fc4485ecde8a38b6ccfe3eb759f83c22eda0ac2676d2326

SHA512
1662231c18e9acb5042188d30570da1fd16dcfd3a8a26078137e94f53193f8f70474a293ecc327a0d262e0d5c53d98ebefd31143f4a947a5c63cd30e3fd6c738

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d93b8603606de376740fe4726c892c40

SHA1
c10c0eaf6de1b44d6a0b30a3ec1b97170cfc7209

SHA256
6eddb1c6041bc5844416a1e25ebfaad060a7f0c48988007c86bc6ee7fae347b1

SHA512
69893c2072cd263623a82319f1fbc9aa5fe9e6447a609b86e182756e1136940c35c95f2639eecd86b11183c420c6c772df42fc8a6a5602231d560b4a741ceaff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0d48160ae1c5867e9ba4ab14060bd7bc

SHA1
13e4a612a3282d029d7bdc5a0001deb75ceb247e

SHA256
169f7f95187eade29e69005b37d96664daf2aed83e9ba0d58de28b7e5d740495

SHA512
6f2b7a4cbd165a9b80b6807f454c530e7eb2f31a35dfddae82ea83a806e8feabc757b2cc3f0a7a3a1037768075db9f82bae4b236e9364834d517966b8364de11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
08c9ae77bb9de85a4903410bf4b26bb1

SHA1
d54052ff7642274850ed6a11b4a4346037e3dc4e

SHA256
f7a641c2a3e255815e3513527c1a1f0c556aa35a358992d0b82d9dd996d26588

SHA512
36ebbdb85568782552cb01991695ccba02973e3cada5a36449778a536cb3734ac379b88c1ac79336fdc53bf8a062af256429e673664cce80a98d096c5da75894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
10df212caba61df9222dc25bc6c6c632

SHA1
a47a8220fc91568665df85b0000d5cd9329c3965

SHA256
29ba7b99e4a5637ee0e478e34d4c9e937a7bfee420a15af31c7613722c608861

SHA512
801e430dc1469642e212dd5cab314036d82ad53dc419e9b98d41626ef2098af39796d9dfc07363fe3174514f589c8777c683b177cf5a64db3cbe3745858f84bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
abd0f9eec280880647338936d4f52637

SHA1
07a5d167303ea2531ba59e51d7265d6ffe4bda65

SHA256
fe52f165aff07874096336e9b562490cdbd04070379e71d7ddeb8a93301dd98e

SHA512
ed3f3d7f05486ef1b7897ab11cec9c36883e91603c0e0af789f2a90ec1896c7f1ec2b85c31da6b569f16c5425b9723f30cd39263d2f3ed8e306ba945b3c7b3f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit